Ranjit Viswakumar WhatsARanjit

@WhatsARanjit
WhatsARanjit / main.tf
Created November 6, 2023 13:22
TF conditional provisioner
variable "switch" {
default = true
}
locals {
prov_cmd = var.switch ? "echo 'YES'" : "echo 'NO'"
}
resource "null_resource" "test" {
provisioner "local-exec" {
@WhatsARanjit
WhatsARanjit / shell.sh
Created October 4, 2023 19:29
Vault subkey API
$ vault kv put secret/stuff fruit=apple color=red
== Secret Path ==
secret/data/stuff
======= Metadata =======
Key Value
--- -----
created_time 2023-10-04T19:20:52.20066Z
custom_metadata <nil>
deletion_time n/a
@WhatsARanjit
WhatsARanjit / check.sh
Created August 16, 2023 16:39
Terraform external data source
if [ -f "dontdoit" ]; then
RESULT="true"
else
RESULT="false"
fi
echo "{ \"check\": \"$RESULT\" }"
@WhatsARanjit
WhatsARanjit / shell.sh
Created August 22, 2022 18:14
Vault EGP Sentinel for no wildcard AWS IAM permissions
# Setup AWS secrets
vault secrets enable aws
vault write aws/config/root \
access_key=$AWS_ACCESS_KEY_ID \
secret_key=$AWS_SECRET_ACCESS_KEY \
region=us-east-1
# Write the Actions policy
# https://github.com/hashicorp/vault-guides/blob/master/governance/sentinel/inline-iam-actions.sentinel
POLICY=$(base64 inline_iam_actions.sentinel)
@WhatsARanjit
WhatsARanjit / rename_org.sh
Created June 7, 2022 15:54
Rename your TFC org
export ORG="current_name"
export NEW="new_name"
curl -sk \
-X PATCH \
-H "Authorization: Bearer $TFH_token" \
-H "Content-Type: application/vnd.api+json" \
-d "{ \"data\": { \"type\": \"organizations\", \"attributes\": { \"name\": \"$NEW\" } } }" \
"https://app.terraform.io/api/v2/organizations/${ORG}"
@WhatsARanjit
WhatsARanjit / _shell.sh
Created May 20, 2022 17:29
Datasource for TFC IP ranges
$ terraform apply -auto-approve
Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
Outputs:
api = [
"75.2.98.97/32",
"99.83.150.238/32",
]
@WhatsARanjit
WhatsARanjit / _sentinel-test.sh
Created May 12, 2022 20:01
CSR common_name sentinel
$ sentinel test -verbose csr_common_name.sentinel
Installing test modules for test/csr_common_name/fail.json
Installing test modules for test/csr_common_name/success.json
PASS - csr_common_name.sentinel
PASS - test/csr_common_name/fail.json
logs:
common_name: fail.acme-app-fail.com
@WhatsARanjit
WhatsARanjit / vault_agent.hcl
Last active December 15, 2021 16:19
Azure AD auth with Vault Agent
vault {
address = "http://vault:8200"
}
auto_auth {
method {
type = "azure"
config = {
resource = "lob_app"
role = "ssh_prod"
@WhatsARanjit
WhatsARanjit / ns.sh
Created February 23, 2021 19:38
Cross-NS entity Vault test
# Setup namespaces
$ export VAULT_ADDR=http://127.0.0.1:8200
$ vault namespace create foo
Key Value
--- -----
id zI8gb
path foo/
$ vault namespace create bar
Key Value
--- -----
@WhatsARanjit
WhatsARanjit / pipeline_entities.sh
Last active January 19, 2021 18:38
Using a "pipeline" entity to create all tokens for pipelines
# Enable audit log
$ vault audit enable file file_path=/tmp/audit/vault_audit.log
Success! Enabled the file audit device at: file/
# Add some example secrets for prod and dev
$ vault secrets enable -version=2 kv
$ vault kv put kv/production/stuff foo=bar
$ vault kv put kv/development/stuff devfoo=devbar
Success! Enabled the kv secrets engine at: kv/
Key Value